Next/Prev entities should point to only entities in the queryset that the user is allowed to see

[gythaogg]

Continuing #1412

Consider the following ID sequence
1000, 1001*, 1002, 1003*, 1004 where entities marked with * are not accessible to the user.

Expected behaviour from page 1002:

• Prev takes the user to 1000
• Next takes the user to 1004

Current behaviour:

• Prev takes the user to login page with a redirect to 1001
• Next takes the user to login page with a redirect to 1003

I believe for a smooth experience, just like the listview that hides entities that the user doesn't have permissions to see, the next/prev links in the detail page should only link to the next/prev entities in the listview queryset that the user is allowed to see.

[b1rger]

do you know if that works if you use your custom manager solution?

[gythaogg]

I haven't quite managed to select different custom managers for different user access tiers (fiddling around middleware to get the user data).
But if I set a cusom queryset using a manager then the next/prev links will only show the next/prev available objects in this queryset. If the user tries to access an object outside this queryset directly using a URL then it will throw Page not found to that user

[b1rger]

I haven't quite managed to select different custom managers for different user access tiers (fiddling around middleware to get the user data).

We are already using the crum middleware, so you could get the request using the get_current_request method - which then gives you the user

[gythaogg]

from crum import get_current_user - Thanks a lot!

Yes, I can confirm that if I setup the list access like so in the model then Prev/Next links will only take the user to the entities that are accessible to the user

This is the PR in Tibschol that implements it - https://github.com/acdh-oeaw/apis-instance-tibschol/pull/196/commits

The approach works well also with the other (nastier) custom managers I have for Instance and Work models.